Security breaches are now commonplace — 58% of organizations have experienced at least one in the past 12 months. As a result, IT security leaders are urgently scrambling to defend attacks at every entry point.
Worse yet, traditional approaches to security, based on the notion that you can keep out the “bad guys” out while letting in the good guys, have proven ineffective. Access control strategies that focus on separating trusted from untrusted users are missing the whole point. Mobile proliferation, reliance on outsourced partners and cloud technologies, and the regular occurrence of insider attacks mean that there is, in fact, no such thing as a trusted user.
Any identity and access management (IAM) strategy must rest on the assumption that no user or device can be trusted—Forrester calls this concept Zero Trust.